Privacy Policy (Europa)

 

PRIVACY NOTICE FOR CUSTOMERS/USERS IN UK, EU and Other Countries in Europe

We are committed to protecting the individual privacy rights and choices of our client and users and the personal data that you share with us.

Our Privacy Notice contains important information about the types of personal information that we collect and process; what we do with it; who we share it with and why; and your rights when it comes to the personal information you provide us with.

We may need to make changes to our Privacy Notice in line with regulatory requirements; so please check our website for updates from time to time. If there are significant changes such as where your personal data will be processed; we will contact you to let you know.

 

1. Who we are

We are based in California, USA. Our address is:

515 S. Figueroa St, Suite 1230
Los Angeles, CA 90071

Phone: 213-935-7199
Email:
Privacy@kocowa.com
KOCOWA Service: https://help.kocowa.com/hc/en-us/requests/new
In accordance with the GDPR, we have appointed UK and EU Representatives.

Our legal representative in the UK is:

Kristy Gouldsmith
Spencer West LLP
20 Chiswell Street
London
EC1Y 4TW

Our legal representative in the EU is:

Kristy Gouldsmith
Spencer West Germany
Rüsselsheimer Str. 22
60326
Frankfurt

 

2. Types of data that we process, our legal basis and our retention periods

The personal data about you that we collect and process is shown in the table below.  We also show our legal basis for the processing and our retention period.

We take your privacy seriously and we will only ever collect and use personal data where it is necessary, fair and lawful to do so.

We distinguish between ‘active’ and ‘inactive’ users based upon the last log in date. The following chart details the data processed for ‘active’ users.

 For ‘inactive users, we hold your details on our marketing list for two years after you become ‘inactive’, then we move you to a suppression list for three years and then we anonymize your data after five years.

Data that we process Legal basis Retention Period
Name Contract – we need your name in order to provide you with our services. While you are a customer and for the next five years, for tax purposes.
Gender Consent – we would like to take your gender for our statistics but will only do so with your consent. While you are a customer and for the next 5 years, for marketing planning purposes and it will then become anonymized. We will keep our statistics indefinitely.
Date of birth Contract – we only provide our services to people over the age of 18. While you are a customer and for the next 5 years, for tax purposes and it will then become anonymized. We will keep our statistics indefinitely.
Payment status Contract – we need your payment status in order to provide our services. While you are a customer and for the next 5 years, for tax purposes and it will then become anonymized. We will keep our statistics indefinitely.
IP – location of your device Legitimate interest – we need to know what country you are in to give you the right contract While you are a customer and for the next 5 years, for tax purposes and it will then become anonymized. We will keep our statistics indefinitely.
User device brand and model, what browser and operating system are used Legitimate interest – we need to know what device you are using in order to offer you the correct app. While you are a customer and for the next 5 years, for marketing and user experience purposes and will then become anonymized. We will keep our statistics indefinitely.
Subtitle preference Legitimate interest – we offer this service for ease of use for you so that you don’t need to select subtitles each time. While you are a customer and for the next 5 years, for service planning purposes and will then become anonymized. We will keep our statistics indefinitely.
Video time stamp Legitimate interest – we offer this service for ease of use for you to return to content where you left off. While you are a customer and for the next 5 years, for user experience purposes and will then become anonymized. We will keep our statistics indefinitely.
Content watched, viewing history, preferences, watch times, user’s search keyword Legitimate interest – we use this information so that we can pay the correct amount to the content creator.Legitimate interest – we will use this information in order to provide content viewing recommendations. While you are a customer and for the next 5 years, for user experience and preference purposes and will then become anonymized. We will keep our statistics indefinitely.
Name, email, subscription information, content history, user journey (the clicks that the user makes to get to the final destination) Legitimate interest – we use this information for marketing purposes e.g. To suggest a different subscription level.We can send you marketing material once you are a customer or you have made an inquiry as a prospective customer under legitimate interest.You can unsubscribe at any time and we will put your data on our suppression list so that we don’t contact you again by accident.We also collect user journey or user click history (the route used for user to get to final destination) for marketing purposes and in order to improve UI(User Interface) & UX (User Experience) While you are a customer and for the next 5 years, for marketing purposes and will then become anonymized. We will keep our statistics indefinitely.
Information that is automatically collected via essential cookies when you visit one of our websites (please see our cookie popup for more information). We use legitimate interest for essential cookies and consent for all non-essential cookies. Please see our Cookie Policy for the retention periods.

 

Our business requirements – legitimate interests

Action Reason for processing – legitimate interests
Managing our global business and marketing strategies (including recording and reporting on our business development activities) We need to have business development and marketing strategies
Purchasing, maintaining and claiming against our insurance policies We need to protect our business.
Continuously reviewing and improving our services and developing new ones We use your feedback to improve our services.
Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings or prospective proceedings. We need to understand our obligations and establish and defend our legal rights.
Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality. We need to ensure that our website and other platforms are working properly.
Maintaining the security of our systems, platforms, premises and communications, including detecting and preventing threats We need to ensure that our premises and our platforms are secure.
Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation We need to be able to manage or sell parts of our business, if we choose to do so.


We have a legitimate interest in using your personal data for the above purposes.  We have balanced your rights and freedoms against our business needs. Please inform us if you object to our processing.

 

3. Automated decision-making systems

We don’t do any automated decision making.

 

4. Whom we may share your information with

We may share your information with the third parties in this chart:

Entity Legal basis for sharing
Our professional advisers such as lawyers and accountants Legitimate interest
Government or regulatory authorities or law enforcement Legal obligation
Professional indemnity or other relevant insurers Legitimate interest
Regulators/tax authorities/corporate registries Legal obligation
Third parties to whom we outsource certain services such as, without limitation, IT systems or software providers, IT support service, and marketing. Legitimate interest
Third party service providers to assist us with client insight analytics, such as Google Analytics, Meta Pixel, or other marketing/targeting cookies. Consent for these cookies.

 

Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.

Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide our services as effectively as we can.

We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.

 

5. Where your information is processed

We are located in California and our servers are also in the USA. Therefore, when you use our services, your data will be transferred to the USA. Please rest assured we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.

Our security controls are aligned to industry standards and good practice; providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information.

 

6. How we protect your information

We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal data which is collected, recorded, or processed in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection responsibilities.

Your data is protected by controls designed to minimise loss or damage through accident, negligence, or deliberate actions. Our employees are trained to protect sensitive or confidential information when storing or transmitting data in any medium including electronically and must undertake annual data protection training on this.

 

7. How to access your information and your other rights

You have the following rights in relation to the personal data we hold about you:

  • Your right of access If you ask us, we'll confirm whether we're processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
  • Your right to rectification If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we've shared your personal data with others, we'll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
  • Your right to erasure You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we've shared your personal data with others, we'll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
  • Your right to restrict processing You can ask us to 'block' or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we've shared your personal data with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
  • Your right to data portability You have the right, in certain circumstances, to obtain personal data you've provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Your right to object You can ask us to stop processing your personal data, and we will do so, if we are:
    • relying on our own or someone else's legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
    • processing your personal data for direct marketing purposes.
  • Your right to withdraw consent If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
  • Your right to lodge a complaint with the Supervisory Authority If you have a concern about any aspect of our privacy practices, including the way we've handled your personal data, you can report it to the Supervisory Authority in your country. We would, however, appreciate the chance to deal with your concerns before you approach the Supervisory Authority so please contact our UK or EU Representative in the first instance.

 

8. Customers/Users in Other Countries than UK and EU.

Your above rights in principle also exist under each country’s data protection law, however, they may be regulated and restricted in a slightly different manner. We will, of course, comply with each applicable country’s data protection law with regard to your rights as a data subject.

We do not have a representative in all countries. However, you may also contact our UK or EU Representative, if you have a complaint, and, of course, us as the responsible controller for the processing of your personal data at the address stated above.

As also stated above, the main processing of your data will occur in the US and by using our service, you will be directly transferring your data to the US. However, in particular when relying on third party service providers, your data may under certain circumstances also be transferred to other countries (in principle any country in the world). To protect your data in countries without an adequate level of data protection, we where applicable comply with each country’s data protection standards (for example, by using the European Commission’s standard contractual clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless we can rely on an exception (for example in the event of a legal proceeding abroad, in cases of overriding public interest, if the performance of a contract requires disclosure or if you have consented).

 

If you still have any questions, Contact us.